Security issue: Public/Anonymous access to nuget feed
-
Hello,
I am using the proget.inedo.com/productimages/inedo/progetmono:5.3.12 docker image and just realized that all NuGet feeds are accessible by anonymous users although I did not give any permissions to the anonymous user. So using the url https://<<mydomain>>/nuget/<<myfeed>>/v3/search lists all my packages for an unauthenticated user!
- the "test privileges" tool shows: No privileges for the anonymous user for the specified feed
- none of the Tasks (Administer, Manage Feed, Promote Packages, Publish Packages, View & Download Packages) is allowed for anonymous users
What can I do?
-
Hi @p-bruch_5023,
Thanks for bringing this to our attention. I have created a ticket, PG-1838, to track a fix for this. It will be released this Friday as part of ProGet 5.3.13.
Thanks,
Rich
-
@rhessinger: Thanks, tested version proget.inedo.com/productimages/inedo/progetmono:5.3.13 and it is working now as expected.
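
A post-upgrade regression check for the behaviour reported in this thread, as an added example that is not part of the original posts and not Inedo's code: it requests the feed's `/v3/search` URL without credentials and classifies the answer. The function names, the constructed sample bodies and the assumption that the endpoint answers in the standard NuGet v3 search JSON shape (`totalHits`, `data`) are assumptions of this example.

```python
import json
import urllib.error
import urllib.request


def classify(status, body):
    """Return (verdict, package_ids) for an unauthenticated search response."""
    if status in (401, 403):
        return "protected", []
    if status != 200:
        return "inconclusive", []
    try:
        doc = json.loads(body)
    except ValueError:  # e.g. an HTML login page served with 200
        return "inconclusive", []
    if isinstance(doc, dict) and isinstance(doc.get("data"), list):
        # Assumed NuGet v3 search shape: {"totalHits": n, "data": [{"id": ...}]}
        ids = [p.get("id") for p in doc["data"] if isinstance(p, dict)]
        return "exposed", ids
    return "inconclusive", []


def check_feed(base_url, feed, timeout=10):
    """Query <base_url>/nuget/<feed>/v3/search with no credentials attached."""
    url = f"{base_url.rstrip('/')}/nuget/{feed}/v3/search"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())


# Constructed sample responses (not captured from a real server).
SAMPLE_EXPOSED = (b'{"totalHits": 2, "data": ['
                  b'{"id": "Internal.Core", "version": "1.0.0"}, '
                  b'{"id": "Internal.Utils", "version": "2.1.0"}]}')
SAMPLE_LOGIN_PAGE = b"<html><body>Log in</body></html>"

if __name__ == "__main__":
    print(classify(200, SAMPLE_EXPOSED))     # anonymous listing is served
    print(classify(401, b""))                # feed demands authentication
    print(classify(200, SAMPLE_LOGIN_PAGE))  # not JSON, check by hand
```

Call `check_feed` with your own ProGet base URL and feed name after upgrading; any verdict other than `protected` for a feed that should be private deserves a closer look.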